Expert Advice Community


Supplier Security Policy

Guest user Created:   Oct 08, 2021 Last commented:   Oct 08, 2021


Hello Support,

I hope you are doing well,

I am planning to work on the SUPPLIER SECURITY POLICY and I have some questions:

1. Do you have any SUPPLIER SECURITY POLICY questionnaire template ready on the toolkit or your website?
2. Do you have any SUPPLIER SECURITY MANAGEMENT partner or suggestion that we could consider using?
3. In section 3.2 (Screening), the policy says "[Job title] decides whether it is necessary to perform background verification checks for individual suppliers and partners, and if yes – which methods must be used." What method does it mean?


Expert
Rhand Leal Oct 08, 2021

1. Do you have any SUPPLIER SECURITY POLICY questionnaire template ready on the toolkit or your website?

Answer: A questionnaire to support the application of the Supplier Security Policy is not necessary.

Please note that the Supplier Security Policy is based on a risk assessment to find out which controls a supplier needs to have in order to provide the security level your organization needs, and for that you can use the Risk Assessment Table included in your toolkit, in folder 5 (Risk Assessment and Risk Treatment).

For further information, see:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/

2. Do you have any SUPPLIER SECURITY MANAGEMENT partner or suggestion that we could consider using?

Answer: I’m assuming the question is about an external software that will handle suppliers.

In this case, it is not very common for smaller companies to use such software (usually the external partners are handled without the use of software).

For other cases, I'm sorry, but it’s our policy not to suggest specific companies or technologies related to the implementation of controls.

3. In section 3.2 (Screening), the policy says "[Job title] decides whether it is necessary to perform background verification checks for individual suppliers and partners, and if yes – which methods must be used." What method does it mean?

Answer: "Methods" here means the ways you will use to perform background verification. Please note that these may be limited by local laws or regulations.

Examples of methods for background verification are interviews with previous employers/customers, reference letters, and consultation with government agencies.
